itlawwikiaorg-20200214-history
Insider threat
Definitions

General

An insider threat is

Information technology

An insider threat is

Military

An insider threat is

U.S. federal government

An insider threat

Overview

Insiders are the principal source of computer crimes. One of the most harmful, and most difficult to detect, threats to information security is the trusted insider who uses legitimate privileges maliciously to disrupt operations, corrupt data, exfiltrate sensitive information, or compromise IT systems. Insiders need little knowledge of intrusion techniques: their familiarity with the organization's computer systems often already gives them broad access, which is enough to damage those systems or steal their data. The insider threat also includes outsourcing vendors.

"Insider threats are influenced by a combination of technical, behavioral, and organizational issues and must be addressed by policies, procedures, and technologies. Accordingly, best practices to mitigate insider threats involve an organization's staff in management, human resources (HR), legal counsel, physical security, information technology (IT), and information assurance (IA), as well as data owners and software engineers." (Anticipating and Solving the Nation's Cybersecurity Challenges, at 3.)

"Some of the risks posed from insider threats in the financial sector are . . .:

* Undesired disclosure of confidential customer and account data, jeopardizing an organization's most valuable relationships
* Fraud
* Loss of intellectual property
* Disruption to critical infrastructure
* Monetary loss
* Regulatory repercussions
* Destabilization, disruption, and destruction of financial institutions' cyber assets
* Embarrassment, and public relations/reputational risk issues." (Cybersecurity Best Practices Guide, at 17.)
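The Overview describes the trusted insider whose actions are each individually authorized and therefore invisible to controls aimed at outsiders. As an added example, not part of the original page, the following Python monitor shows the kind of audit-trail analysis the Technical defenses section refers to (identifying unauthorized access, establishing accountability, and tracking data integrity): it checks each event against a role-based authorization policy, business hours, a per-user read-volume baseline, and a known-good digest manifest. The policy, baselines, manifest digests, thresholds and the six JSON log lines are all constructed for this illustration, and the log field names are assumptions.

```python
"""Toy insider-threat monitor for an audit trail (added example, not from the
page). Flags privilege misuse, off-hours activity, bulk reads far above a
user's baseline, and writes whose digest disagrees with a known-good
manifest. All policy, baseline, manifest and log data below is constructed."""
from collections import defaultdict
from datetime import datetime
import json

# Assumed authorization policy: data stores each account may touch. In a real
# deployment deriving this is the hard part ("policy discovery"); here it is
# hard-coded for the example.
AUTHORIZED = {
    "alice": {"hr-db"},
    "bob": {"trading-db", "reports"},
    "dba01": {"hr-db", "trading-db", "reports"},  # privileged administrator
}

# Assumed known-good digests used to track data integrity (constructed values).
MANIFEST = {"reports/q3.xlsx": "a1b2c3"}

# Assumed per-user baseline of bytes read per hour, learned from history.
# An unknown account has baseline 0, so any read by it is flagged.
BASELINE_BYTES_PER_HOUR = {"alice": 2_000_000, "bob": 5_000_000, "dba01": 50_000_000}
BULK_FACTOR = 10               # reads above 10x baseline in one hour are suspicious
BUSINESS_HOURS = range(8, 19)  # 08:00 to 18:59

# Constructed JSON-lines audit trail; the field names are assumptions.
SAMPLE_LOG = """
{"ts": "2020-02-10T09:12:00", "user": "alice", "action": "read", "resource": "hr-db", "bytes": 120000}
{"ts": "2020-02-10T09:40:00", "user": "bob", "action": "read", "resource": "trading-db", "bytes": 800000}
{"ts": "2020-02-10T10:05:00", "user": "bob", "action": "read", "resource": "hr-db", "bytes": 50000}
{"ts": "2020-02-10T11:00:00", "user": "bob", "action": "write", "resource": "reports/q3.xlsx", "bytes": 4096, "sha256": "a1b2c3"}
{"ts": "2020-02-10T23:15:00", "user": "dba01", "action": "read", "resource": "trading-db", "bytes": 900000000}
{"ts": "2020-02-10T23:20:00", "user": "dba01", "action": "write", "resource": "reports/q3.xlsx", "bytes": 4096, "sha256": "deadbeef"}
"""


def parse_log(text):
    """Parse JSON-lines audit events, converting timestamps to datetime."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def store_of(resource):
    """'reports/q3.xlsx' lives in the 'reports' store; 'hr-db' is its own store."""
    return resource.split("/", 1)[0]


def detect(events):
    """Return (user, rule, resource) alerts for events that break policy or baseline."""
    alerts = []
    hourly_bytes = defaultdict(int)  # (user, date, hour) -> bytes read
    bulk_flagged = set()             # alert once per user-hour, not per event
    for ev in events:
        user, ts, res = ev["user"], ev["ts"], ev["resource"]
        # Rule 1: access to a store the account's role is not authorized for.
        if store_of(res) not in AUTHORIZED.get(user, set()):
            alerts.append((user, "unauthorized_access", res))
        # Rule 2: activity outside business hours, when insiders are least observed.
        if ts.hour not in BUSINESS_HOURS:
            alerts.append((user, "off_hours", res))
        # Rule 3: read volume in one hour far above the user's own baseline
        # (authorized access used for bulk exfiltration).
        if ev["action"] == "read":
            key = (user, ts.date(), ts.hour)
            hourly_bytes[key] += ev["bytes"]
            if (hourly_bytes[key] > BULK_FACTOR * BASELINE_BYTES_PER_HOUR.get(user, 0)
                    and key not in bulk_flagged):
                bulk_flagged.add(key)
                alerts.append((user, "bulk_read", res))
        # Rule 4: a write whose recorded digest disagrees with the known-good
        # manifest (data pedigree / integrity tracking).
        if ev["action"] == "write" and res in MANIFEST and ev.get("sha256") != MANIFEST[res]:
            alerts.append((user, "integrity_drift", res))
    return alerts


def summarize(alerts):
    """Accountability view: which rules each account tripped."""
    by_user = defaultdict(set)
    for user, rule, _ in alerts:
        by_user[user].add(rule)
    return {user: sorted(rules) for user, rules in by_user.items()}


if __name__ == "__main__":
    found = detect(parse_log(SAMPLE_LOG))
    for alert in found:
        print(alert)
    print(summarize(found))
```

Note that nothing in the sample log is an intrusion in the outsider sense: every event is a successful, authenticated action. The administrator's 900 MB read and the digest change are caught only because the monitor compares activity with what the role should need and with the account's own history, which is the least-privilege and baseline reasoning that perimeter-oriented controls omit. The 10x multiplier and the business-hours window are arbitrary illustration values, not recommended settings.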
Technical defenses

Techniques to mitigate the insider threat focus on monitoring systems to identify unauthorized access, establish accountability, filter malicious code, and track data pedigree and integrity. While an array of partial measures exists for countering the insider threat, these measures are limited in scope and capability. Among the challenges that add to the difficulty of this problem are:

* The scale and diversity of the computing infrastructure, in terms of the number and types of platforms, the missions supported, infrastructure architectures and configurations, and worldwide geographic distribution.
* The size, variety, and fluidity of the workforce in general and, in the case of military missions, the need to interface with allied and ad hoc coalition partners.
* The variety of highly complex computer security environments, ranging from unclassified systems to classified networks, and from private-sector systems and networks that support business and electronic commerce to critical infrastructure process control systems.
* Policy discovery, the process by which the kinds of access permitted to insiders are determined. Such policies are difficult to formulate.

The trusted insider operates within this large, interconnected world of information systems relatively unchecked and unmonitored, beyond the basic security mechanisms that exist primarily to detect untrusted outsiders and prevent them from penetrating and exploiting information assets. These factors make the insider threat a complex problem that is beyond the scope of commercially available tools.

See also

* Inside attack
* Inside threat
* Insider
* Insider attack
* Insider Threat Advisory Group
* Insider Threat Study
* Insider Threat Vulnerability Assessment
* Malicious insider threat

External resource

* Nick Bradley, "The Threat Is Coming from Inside the Network: Insider Threats Outrank External Attacks," SecurityIntelligence (June 1, 2015) (full-text).
Category:Security Category:Computer crime Category:Definition Category:Military